Chapter 22

Addressing FISMA Findings


Understanding how to resolve the reported vulnerabilities is the final step in the FISMA compliance process. The weaknesses noted in the Security Assessment Report need to be identified and described in a document known as the Plan of Action & Milestones (POA&M). The POA&M represents the ISSO's to-do list and typically needs to be approved by the team that evaluated the system before they submit their recommendation for authorization. If the POA&M is well articulated, the system owner will likely obtain an Authority to Operate.


Findings; Plan of Action & Milestones; POAM; POA&M; Security weaknesses; Authority to Operate; Source of Discovery; Severity; ISSO; System owner

I don’t believe ...
